Tag Archives: security

How Prepared Are You for a Cybersecurity Incident?

In the past decade we have seen companies defined by how their leadership responded to a cybersecurity incident. The most prominent incident is a data breach, which is becoming an all too common occurrence, involving billions of people.

HOW TO CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE

Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being taken […]

HOW TO FIND THE RIGHT QSA

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, […]

Code Spaces Spaced Out On Data Security

Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA

The information security community is abuzz with the news of Code Spaces closing its doors after having all of its clients’ data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and convinced […]

Vendor Risk Management Hype Extends Beyond Target®

The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management. After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct network […]

We Need a Risk Management Tipping Point

While preparing for a keynote talk at CAMP IT that is rapidly coming up, I was struggling to find the main point of my talk. I had been puzzling for several weeks, asking myself what single message I wanted to leave my audience with. I’ve been speaking for some time now about information security and […]